beginning of sops-setup

2024-06-16 16:04:39 -06:00
parent 8096a7cd4c
commit befb789e29
9 changed files with 139 additions and 66 deletions
--- a/jawz.nix
+++ b/jawz.nix
@@ -1,7 +1,18 @@
-{ ... }: {
+{ config, ... }: {
+  sops.secrets = {
+    jawz-password.neededForUsers = true;
+    "private_keys/age".path = "/home/jawz/.ssh/ed25519_age";
+    "public_keys/age".path = "/home/jawz/.ssh/ed25519_age.pub";
+    # "private_keys/server".path = "/home/jawz/.ssh/ed25519_server";
+    # "public_keys/server".path = "/home/jawz/.ssh/ed25519_server.pub";
+    # "private_keys/miniserver".path = "/home/jawz/.ssh/ed25519_miniserver";
+    # "public_keys/miniserver".path = "/home/jawz/.ssh/ed25519_miniserver.pub";
+    # "public_keys/galaxy" = { };
+    # "public_keys/deacero" = { };
+  };
  users.users.jawz = {
    isNormalUser = true;
-    initialPassword = "password";
+    hashedPasswordFile = config.sops.secrets.jawz-password.path;
    extraGroups = [
      "wheel"
      "networkmanager"
@@ -17,7 +28,7 @@
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5GaQM4N+yGAByibOFQOBVMV/6TjOfaGIP+NunMiK76 gpodeacerocdreyes@100CDREYES"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMkpeIV9G26W2/e9PsjBx3sNwPGoicJ807ExRGh4KjhW jawz@server"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH2wtsaMvfEUm//2YnFHyrc16o+TOXXBfIGPJ9nL8RMp jawz@workstation"
+      (builtins.readFile ./secrets/ssh/ed25519_workstation.pub)
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILgKVjMLYdE0u+96Y2RjTh5Pf8f4n0h3oMUG6728YGHw jawz@miniserver"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBEblxSDhWPEo33crSjooeUg4W02ruENxHLmmBqCuIo jawz@galaxy"
    ];